06-05-2011 10:57 PM
I set up an FWS with base L3 code. When I set the default gateway as the switch IP on one of the devices attached to a tagged port, I cannot ping 4.2.2.2 from the device. If I set the default gateway to the Cisco firewall, I can ping. Here's the config. I appreciate any ideas.
sho run
Current configuration:
!
ver 07.2.02aT7e1
!
module 1 fws1g-24-port-copper-base-module
!
!
!
!
vlan 10 by port
tagged ethe 0/1/1
untagged ethe 0/1/2 to 0/1/12
router-interface ve 10
!
vlan 20 by port
tagged ethe 0/1/1 ethe 0/1/24
router-interface ve 20
!
vlan 100 by port
tagged ethe 0/1/1 ethe 0/1/13 ethe 0/1/24
router-interface ve 100
!
vlan 110 by port
tagged ethe 0/1/1 ethe 0/1/13 ethe 0/1/24
router-interface ve 110
!
vlan 200 by port
tagged ethe 0/1/1 ethe 0/1/15 ethe 0/1/24
router-interface ve 200
!
vlan 201 by port
tagged ethe 0/1/1 ethe 0/1/15 ethe 0/1/24
router-interface ve 201
!
vlan 300 by port
tagged ethe 0/1/1 ethe 0/1/14 ethe 0/1/24
router-interface ve 300
!
vlan 4000 name DEFAULT-VLAN by port
!
default-vlan-id 4000
no ip dhcp-client auto-update enable
ip dns server-address 8.8.8.8
(NOTES: firewall has IP for each network)
ip route 10.0.10.0 255.255.255.0 10.0.10.5
ip route 10.0.20.0 255.255.255.0 10.0.20.1
ip route 10.1.10.0 255.255.255.0 10.1.10.1
ip route 10.10.10.0 255.255.255.0 10.0.10.5 (allows VPN network to talk to 10.0.10.0 network, need the VPN to make it to the other networks too)
ip route 10.2.0.0 255.255.255.0 10.2.0.1
ip route 10.2.1.0 255.255.255.0 10.2.1.1
ip route 10.3.0.0 255.255.255.0 10.3.0.1
ip route 10.1.0.0 255.255.255.0 10.1.0.1
!
interface ethernet 0/1/1
port-name ASA5510 WAN e0/1
!
interface ethernet 0/1/2
port-name ASA5510 Management
!
interface ethernet 0/1/3
port-name ASA SSM-10 IPS MGMT
!
interface ethernet 0/1/4
port-name VM1.Mgmt.NIC0
!
interface ethernet 0/1/5
port-name VM2.Mgmt.NIC1
!
interface ethernet 0/1/6
port-name VM3.Mgmt.NIC1
!
interface ethernet 0/1/13
port-name VM1.Network
!
interface ethernet 0/1/14
port-name VM2.Network
!
interface ethernet 0/1/15
port-name VM3.Network
!
interface ethernet 0/1/24
port-name Backup NAS
!
interface ve 10
ip address 10.0.10.1 255.255.255.0
!
interface ve 20
port-name VLAN 20 Backup Router
ip address 10.0.20.1 255.255.255.0
!
interface ve 100
ip address 10.1.0.2 255.255.255.0
!
interface ve 110
ip address 10.1.10.1 255.255.255.0
!
interface ve 200
ip address 10.2.0.2 255.255.255.0
!
interface ve 201
ip address 10.2.1.2 255.255.255.0
!
interface ve 300
ip address 10.3.0.2 255.255.255.0
!
!
!
end
Total PORT-VLAN entries: 8
Maximum PORT-VLAN entries: 64
Legend:
PORT-VLAN 10, Name, Priority level0, Spanning tree Off
Untagged Ports: (U0/M1) 2 3 4 5 6 7 8 9 10 11 12
Tagged Ports: (U0/M1) 1
Uplink Ports: None
DualMode Ports: None
Mac-Vlan Ports: None
Monitoring: Disabled
PORT-VLAN 20, Name, Priority level0, Spanning tree Off
Untagged Ports: None
Tagged Ports: (U0/M1) 1 24
Uplink Ports: None
DualMode Ports: None
Mac-Vlan Ports: None
Monitoring: Disabled
PORT-VLAN 100, Name, Priority level0, Spanning tree Off
Untagged Ports: None
Tagged Ports: (U0/M1) 1 13 24
Uplink Ports: None
DualMode Ports: None
Mac-Vlan Ports: None
Monitoring: Disabled
PORT-VLAN 110, Name, Priority level0, Spanning tree Off
Untagged Ports: None
Tagged Ports: (U0/M1) 1 13 24
Uplink Ports: None
DualMode Ports: None
Mac-Vlan Ports: None
Monitoring: Disabled
PORT-VLAN 200, Name, Priority level0, Spanning tree Off
Untagged Ports: None
Tagged Ports: (U0/M1) 1 15 24
Uplink Ports: None
DualMode Ports: None
Mac-Vlan Ports: None
Monitoring: Disabled
PORT-VLAN 201, Name, Priority level0, Spanning tree Off
--More--, next page: Space, next line: Return key, quit: Control-c
Untagged Ports: None
Tagged Ports: (U0/M1) 1 15 24
Uplink Ports: None
DualMode Ports: None
Mac-Vlan Ports: None
Monitoring: Disabled
PORT-VLAN 300, Name VM3.JDO, Priority level0, Spanning tree Off
Untagged Ports: None
Tagged Ports: (U0/M1) 1 14 24
Uplink Ports: None
DualMode Ports: None
Mac-Vlan Ports: None
Monitoring: Disabled
PORT-VLAN 4000, Name DEFAULT-VLAN, Priority level0, Spanning tree Off
Untagged Ports: (U0/M1) 16 17 18 19 20 21 22 23
Tagged Ports: None
Uplink Ports: None
DualMode Ports: None
Mac-Vlan Ports: None
Monitoring: Disabled
BR-SSH@TCITSW1#sho ip route
Total number of IP routes: 8, avail: 1012 (out of max 1020)
D:Connected R:RIP S:Static O:OSPF *:Candidate default
Destination NetMask Gateway Port Cost Type
1 10.0.10.0 255.255.255.0 0.0.0.0 v10 1 D
2 10.0.20.0 255.255.255.0 0.0.0.0 v20 1 D
3 10.1.0.0 255.255.255.0 0.0.0.0 v100 1 D
4 10.1.10.0 255.255.255.0 0.0.0.0 v110 1 D
5 10.2.0.0 255.255.255.0 0.0.0.0 v200 1 D
6 10.2.1.0 255.255.255.0 0.0.0.0 v201 1 D
7 10.3.0.0 255.255.255.0 0.0.0.0 v300 1 D
8 10.10.10.0 255.255.255.0 10.0.10.5 v10 1 S
06-06-2011 03:23 AM
Hi Charles3,
Looking at your show ip route - there is no route for 4.2.2.2.
You also have no default route.
So from the config term prompt, use ip route 0.0.0.0 (to the destination of your firewall). This should fix your issue.
Thanks
Michael.
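The lookup the switch performs on the routing table posted in the question, as an added example that is not part of the original thread: it parses the `sho ip route` rows, does a longest-prefix match for 4.2.2.2, and repeats the lookup with a default route present. The next hop 10.0.10.5 is an assumption (the thread does not state the firewall's address; this value is borrowed from the existing static route), and the function names are hypothetical.

```python
import ipaddress

# Route rows copied from the `sho ip route` output in the question.
SHOW_IP_ROUTE = """\
1 10.0.10.0 255.255.255.0 0.0.0.0 v10 1 D
2 10.0.20.0 255.255.255.0 0.0.0.0 v20 1 D
3 10.1.0.0 255.255.255.0 0.0.0.0 v100 1 D
4 10.1.10.0 255.255.255.0 0.0.0.0 v110 1 D
5 10.2.0.0 255.255.255.0 0.0.0.0 v200 1 D
6 10.2.1.0 255.255.255.0 0.0.0.0 v201 1 D
7 10.3.0.0 255.255.255.0 0.0.0.0 v300 1 D
8 10.10.10.0 255.255.255.0 10.0.10.5 v10 1 S
"""

def parse_routes(text):
    """Turn each table row into (network, gateway, port, type)."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 7 or not fields[0].isdigit():
            continue  # skip headers, legend and blank lines
        _, dest, mask, gateway, port, _cost, rtype = fields
        network = ipaddress.ip_network(f"{dest}/{mask}")
        routes.append((network, gateway, port, rtype))
    return routes

def lookup(routes, destination):
    """Longest-prefix match; None means no route, so the packet is dropped."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)

def with_default_route(routes, next_hop, port):
    """Return a copy of the table with a static 0.0.0.0/0 entry added."""
    default = (ipaddress.ip_network("0.0.0.0/0"), next_hop, port, "S")
    return routes + [default]

if __name__ == "__main__":
    table = parse_routes(SHOW_IP_ROUTE)
    print("4.2.2.2 before:", lookup(table, "4.2.2.2"))
    # ASSUMPTION: 10.0.10.5 stands in for the firewall's address on VLAN 10.
    fixed = with_default_route(table, "10.0.10.5", "v10")
    print("4.2.2.2 after: ", lookup(fixed, "4.2.2.2"))
    # More specific prefixes still win over the default route.
    print("10.10.10.7:    ", lookup(fixed, "10.10.10.7"))
```
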
07-09-2011 04:38 PM
Hi Charles3,
If I have answered your question, can you please mark as answered?
Thanks
Michael.